If you try to configure a scheduler map containing two
forwarding classes that are mapped to the same queue, the class-of-service
scheduler is not applied to the Packet Forwarding Engine. As a workaround,
configure a single forwarding class for each available queue. [PR/57907]
When you configure a specific classifier for a logical
unit, it does not override the fixed classifier configured using wildcards.
[PR/68888]
On the MX960, bandwidth sharing across high priority and
strict-high priority schedulers might not be as expected. This issue
occurs when the schedulers are configured on logical interfaces. [PR/265603]
Forwarding and Sampling
Under rare circumstances, if filter is changed while a
counter query is in progress and the system is under heavy load, the
system may crash. [PR/447033]
High Availability
When a static route created using the passive retain option
is pointing to a private interface such as fxp0, the backup router
during a GRES might not behave as expected. As a workaround, do not
use the passive retain option to create a static route to a private
interface. [PR/412746]
Interfaces and Chassis
On aggregated SONET/SDH interfaces, the counter for drops
and errors in the show interfaces command output does not
display the correct value, because the counter does not collect data
from the constituent interfaces within the aggregate. [PR/23577]
On a 2-port OC12 ATM2 IQ interface, the total virtual
path (VP) downtime might not display correctly in the show interfaces command output. [PR/27128]
On M20 and M40 routers, when a physical layer problem
affects a SONET/SDH interface, carrier transition statistics might
not increment correctly in the output of the show interfaces extensive command. [PR/33325]
When you configure both the bundle link and constituent
links at the [edit (logical-routers logical-router-name | logical-systems logical-system-name) interfaces] hierarchy level, the constituent links do not come up. As a workaround,
configure the constituent links at the [edit interfaces] hierarchy
level. [PR/35578]
When you apply an IPSec firewall filter to match traffic
sent across a generic routing encapsulation (GRE) tunnel and originating
from the local routing platform, the local traffic is dropped. Transient
traffic is not affected. [PR/44871]
On a Link Services PIC, the CLI might incorrectly allow
you to configure a logical tunnel interface (interface identifier
lt); the resulting interface might not work correctly. [PR/49818]
If you configure IS-IS, MPLS, and graceful Routing Engine
switchover (GRES) and a switchover event occurs, the routing platform
might end the PPP IP Control Protocol (IPCP) sessions and renegotiate
them if the remote side has changed interface MTU settings prior to
the switchover event. [PR/61121]
If you configure graceful Routing Engine switchover and
issue the request chassis routing-engine master acquire command,
in rare cases the master Routing Engine might fail to relinquish mastership,
or the switchover to the backup Routing Engine might take up to 360
seconds. [PR/61821]
For Automatic Protection Switching (APS) on SONET/SDH
interfaces, there are no operational mode commands that display the
presence of APS mode mismatches. An APS mode mismatch occurs when
one side is configured to use bidirectional mode, and the other side
is configured to use unidirectional mode. [PR/65800]
If you ping a nonexistent IPv6 address that belongs to
the same subnet as an existing point-to-point link, the packet loops
between the two point-to-point interfaces until the time-to-live expires.
[PR/94954]
The output of the show interfaces diagnostics optics command includes the "Laser rx power low alarm" field even if the
transceiver is a type (such as XENPAK) that does not support this
alarm. [PR/103444]
Hot swapping the M120 router fan tray might cause the Check CB alarm to activate. [PR/268735]
On the JCS 1200, when you issue the clear -config
-T switch[1] command using the management module, the switch
module returns to its factory default setting instead of the Juniper
Networks default setting. As a workaround, do not issue the command.
[PR/274399]
On the Juniper Control System (JCS) platform, the control
and management traffic for all Routing Engines share the same physical
link on the same switch module. In rare cases, the physical link might
become oversubscribed, causing the management connection to Protected
System Domains (PSDs) to be dropped. [PR/293126]
On a Protected System Domain (PSD) configured with a large
number of BGP peers and routes (for example, 5000 peers and a million
routes), FPCs might restart during a graceful Routing Engine switchover.
[PR/295464]
When two routers are connected via SONET/SDH interfaces
that are configured as container interfaces and the Routing Engine
on one router reboots, the container interfaces on the other router
might go down and come up again. [PR/302757]
Bandwidth on any IFL configured on an IFD should always
be less than or equal to that of speed on respective IFD. This fix
addresses the issue only on ether devices. If bandwidth is not configured
on the IFl, it will be set to the speed of the IFD. [PR/426469]
On M-series, MX-series, and T-series routing platforms,
if you configure IPv6 on an interface with no MAC address (such as
a SONET or loopback interface), it might cause the Routing Engine
to restart. As a workaround, do not configure IPv6 addresses on interfaces
that do not have MAC addresses. [PR/439252]
On an MX960 with a significant number of DPCs, even unconfigured
(more than 8), the output of show interface extensive command
can be very slow if SCU/DCU is configured for some units. [PR/449034]
Layer 2 Ethernet Services
The show dhcp binding interface interace-name command does not work properly when an MX Series Router is
configured as a DHCP server.
MPLS Applications
If you configure a label-switched path (LSP) with the no-cspf statement at the [edit protocols mpls] hierarchy
level, the LSP might cycle up and down several times before stabilizing.
[PR/10415]
If a cross-connected circuit (CCC) traverses a forwarding-adjacency
label-switched path (LSP), traffic forwarding might be affected. [PR/60088]
When you enable per-packet load balancing on parallel
label-switched paths (LSPs), the output of the show mpls lsp ingress command might display all the routes on only one of the LSPs even
when traffic is evenly balanced across the LSP. [PR/70487]
For point-to-multipoint LSPs configured for VPLS, the ping mpls command reports 100 percent packet loss even though
the VPLS connection is active. [PR/287990]
On M Series routers, if you disable and then enable IPv6
on an interface, routing on that interface will no longer work. [PR/459781]
Network Management
Prior to JUNOS Software Release 10.0R1, snmpwalk on ipNetToMediaPhysAddress
might show some arp entries as missing from the ones shown in the show arp command output.
Platform and Infrastructure
On T-series platforms, a Layer 2 maximum transmission
unit (MTU) check is not supported for MPLS packets exiting the routing
platform. [PR/46238]
When you configure a source class usage (SCU) name with
an integer (for example, 100) and use this source class as a firewall
filter match condition, the class identifier might be misinterpreted
as an integer, which might cause the filter to disregard the match.
[PR/50247]
On a Monitoring Services III PIC configured as a dynamic
flow capture (DFC) interface (dfc-fpc/pic/port), when you configure
the DFC interface as the next hop in a forwarding path, port-mirrored
packets might become corrupted. [PR/60799]
If you configure 11 or more logical interfaces in a single
VPLS instance, VPLS statistics might not be reported correctly. [PR/65496]
When a large number of kernel system log messages are
generated, the log information might become garbled and the severity
level could change. This behavior has no operational impact. [PR/71427]
On M320 and T-series routing platforms, a process monitors
FPCs while they transition to an online state. If an FPC is busy and
cannot complete the transition within the time limit, the process
might time out and prevent the FPC from coming online. [PR/72364]
When a Link Services (LS) interface to a CE router appears
in the VPN routing and forwarding table (VRF table) and fragmentation
is required, Internet Control Message Protocol (ICMP) cannot be forwarded
out of the LS interface from a remote PE router that is in the VRF
table. As a workaround, include the vrf-table-label statement
in the configuration. [PR/75361]
Traceroute does not work when ICMP tunneling is configured.
[PR/94310]
On T-series and M320 routers, multicast traffic with the
"do not fragment" bit set is being dropped due to a low MTU value.
The router might stop forwarding all traffic transiting this interface
if the clear pim join command is executed. [PR/95272]
A firewall filter that matches the forwarding class of
incoming packets (that is, includes the forwarding-class statement at the [edit firewall filter filter-name term term-name from] hierarchy level)
might incorrectly discard traffic destined for the Routing Engine.
Transit traffic is handled correctly. [PR/97722]
The JUNOS software does not support dynamic ARP resolution
on Ethernet interfaces that are designated for port mirroring. This
causes the Packet Forwarding Engine to drop mirrored packets. As a
workaround, configure the next-hop address as a static ARP entry by
including the arp ip-address statement
at the [edit interfaces interface-name] hierarchy level. [PR/237107]
When Periodic Packet Management (PPM) delegation for Bidirectional
Forwarding Detection (BFD) sessions is disabled (the delegate-processing statement is removed at the [edit routing-options ppm] hierarchy
level), the BFD sessions might be terminated (because a "state is
down" message is sent) and reestablished. [PR/280233]
When you perform an in-service software upgrade (ISSU)
on a routing platform with an FPC3 or an Enhanced FPC3 with 256 MB
of memory and the number of routes in the routing table exceeds 750,000,
route loss might occur. If route loss occurs, as a workaround, perform
either of the following tasks: (a) replace the FPC3 or Enhanced FPC3
with another FPC that has more memory, or (b) after the ISSU is complete,
reboot only the FPC3 or Enhanced FPC3. [PR/282146]
For Routing Engines rated at 850 MHz (which appear as RE-850 in the output from the show chassis hardware command), messages like the following might be written to the system
log when you insert a PC Card: “bad Vcc request” and “Device
does not support APM.” Despite the messages, operations that
involve the PC Card work properly. [PR/293301]
On a Protected System Domain, under the following conditions
an FPC might generate a core file and stop operating:
A firewall policer with a large number of counters (for
example, 20,000) is applied to a shared uplink interface.
The FPC that houses the interface does not have a sufficiently
powerful CPU
As a workaround, reduce the number of counters or install
a more powerful FPC. [PR/311906]
When a CFEB failover occurs on an M10i or M7i router that
has 4000 or more IFLs, the following message will display:
IFRT: 'IFD ioctl' (opcode 10) failed ifd 153; does not exist IFRT: 'IFD Ether autonegotiation config' (opcode 163) failed
The message has no operational impact. When the backup CFEB
becomes the active CFEB, the message will not display. [PR/400774]
On M320, M120, T-series, and MX-series routers, a traceroute
egressing an LSP, configured for explicit-null and no-decrement-ttl
or no-propagate-ttl, might not show the transit IP hop router immediately
after the LSP egress router. [PR/438735]
The routing engine on the line card chassis of the TX
Matrix Router, sometimes the reboot will fail due to an incorrect
ntp query. [PR/450217]
If you configure a lot of vrf prefixes with the l3vpn-composite-nexthop statement and then there are a lot of link flaps, the jtree might
become corrupted. This corruption triggers traffic blackholing. Other
symptoms of this are the router sending VPN MPLS traffic with stale
MPLS label information or running out of layer 2 descriptors after
a lot of flaps. [PR/468584]
An FPC may stop forwarding traffic when an aggregate interface
flaps and the router is using per-prefix load balancing (default configuration)
for some prefixes. For this issue to occur the aggregate interface
must flap. The more likely scenario under which this issue can occur
is when aggregate interface is configured with just a single link
(that flaps) AND per-prefix load balancing is used. This issue can
be avoided by using load balancing per-packet policy for all prefixes
(per-flow load balancing) and/or not having aggregate interfaces flap.
The most likely aggregate interface to flap is one with a single member
link. [PR/477326]
Routing Protocols
The CLI allows you to commit a configuration that specifies
a value higher than 32 for the metric statement at the [edit protocols dvmrp interface all] hierarchy level; however,
values higher than 32 are invalid. [PR/33429]
If a router receives a Pragmatic General Multicast (PGM)
Source Path Message (SPM), it does not create a forwarding cache,
nor does it forward the message to other routers as a heartbeat, as
specified in RFC 3208. Also, the router’s multicast cache might
time out if it does not receive actual PGM data (ODATA) for more than
6 minutes. As a workaround, configure the PGM source application to
send PGM ODATA at least once every 6 minutes. The ODATA acts as the
heartbeat message in lieu of the SPM messages and ensures that the
multicast and forwarding caches are created and updated. [PR/37504]
When you configure damping globally and use the import
policy to prevent damping for specific routes, and a new route is
received from a peer with the local interface address as the next
hop, the route is added to the routing table with default damping
parameters, even though the import policy has a nondefault setting.
As a result, damping settings do not change appropriately when the
route attributes change. [PR/51975]
When you issue the show ldp traffic-statistics command, the following system log message might be generated for
all forwarding equivalence classes (FECs) with an ingress counter
set to zero: "send rnhstats GET: error: ENOENT -- Item not found."
[PR/67647]
If ICMP tunneling is enabled on the router and you configure
a new logical system that does not have ICMP tunneling enabled, the
feature is globally disabled. [PR/81884]
When the flow of multicast traffic changes because an
OSPFv3 link goes down, the output from the show multicast statistics
inet6 command reports incorrect values in the In kbytes and In packets fields for the new ingress interface. [PR/234969]
When you commit a new configuration for nonstop routing
(NSR) on a primary Routing Engine that differs from the configuration
for NSR that is already running on the backup Routing Engine, the
routing protocol process stops functioning on the backup Routing Engine
only. Traffic forwarding is not affected. [PR/254379]
When you configure the l3vpn-composite-nexthop statement at the [edit routing-options] hierarchy level
and issue the commit command, the BGP session is immediately
restarted. [PR/292173]
RPD may restart if PIM is configured to run on unnumbered
interfaces. [PR/295319]
When the state for an IGMP group is exclude and
the source list is non-empty, the traffic for the excluded
sources will still be received and sent as if it were in the exclude
state. [PR/422190]
The router might crash if the a non-existent table is
referenced when using the rib-groups statement. [PR/467332]
If a reject route is present for the address of an multicast
source discovery protocol (MSDP) SA originator, the routing protocol
process (RPD) might crash. [PR/469142]
When a dampened route is restored, the accepted counter
for the peer in the show bgp summary command output is not
shown. [PR/473567]
Sometimes the closing tag for route-family is missing
in the output of the show multicast route extensive | display
xml statement.
Services Applications
The show services accounting flow-detail extensive command sometimes displays incorrect information about input and
output interfaces. [PR/40446]
On Adaptive Services PICs configured for IPSec tunnel
redundancy, if there are a large number of tunnels, sometimes a few
of the tunnels might switch over to the backup tunnel. [PR/46733]
When a routing platform is configured for graceful Routing
Engine switchover and Adaptive Services (AS) PIC redundancy, and a
switchover to the backup Routing Engine occurs, the redundant services
interface (rsp-) always activates the primary services interface
(sp-), even if the secondary interface was active before
the switchover. [PR/59070]
For Adaptive Services II PICs, even if you do not configure
flow collector services, a temporary file might be created every 15
minutes in the /var/log/flowc/ directory. The file is deleted
if there are no clients, and re-created only when a client connects
and attempts to write to the file. [PR/75515]
When the PGCP configuration contains values for RTCP traffic
management for sustained-data-rate or peak-data-rate (at the [edit pgcp gateway gateway-name h248-properties traffic-management
sustained-data-rate rtcp] hierarchy level), SIP calls may fail
with error code 500 (Internal Server Error). The default values of
the RTCP SDR and PDR are 5% of RTP's SDR and PDR. If the configuration
overrides these values and sets RTCP's SDR to be higher than the PDR,
media gates for calls will not be created, and the call is rejected
with error code 500.
On a services interface, the mlppp reassembly logic will
not do strict out-of-order check. In a multi-cpu packet handling environment,
a later arrived packets could be processed before the first one. [PR/430296]
Application layer gateways (ALGs) might cause memory corruption
when certain flows in the session are closed ahead of the main initiator
flow. [PR/475436]
When a standard application is specified under the [edit security idp idp-policy policy-name rulebase-ips rule-name match application] hierarchy, IDP doesn't
detect the attack on the non-standard port (for example, junos:ftp
on port 85). Whether it is a custom or predefined application, the
application name does not matter. IDP simply looks at the protocol/port
from the application definition. And then, only when traffic matches
the protocol/port, then IDP tries to match/detect against the attached
attack. [PR/477747]
Subscriber Access Management
When dynamic IP address assignment is configured, if there
is only one address left in the address allocation pool and an attempt
to authenticate with a service fails (because, for example the authentication
request specifies an invalid service name), a subsequent authentication
attempt for the service also fails. The following messages might appear
in the log for the authentication process (authd): "assigned address address in use, trying next available" and "Unable to
assign an address." [PR/305516]
User Interface and Configuration
Performance is considerably slower for users who have
permissions controlled by Juniper-Allow-Cmmands and/or Juniper-Deny-Commands expressions and have complex regular expressions
configured under these same commands. To help avoid this problem,
define the expressions in the allow-configuration and deny-configuration commands in a restrictive manner. [PR/63248]
On M20 routers, after a Routing Engine mastership switchover,
it might not be possible to enter CLI configuration mode on the new
master Routing Engine. Also, the request system reboot and request system halt commands do not clearly fail but do not
return the CLI prompt either. [PR/64899]
The logical system administrator can modify and delete
master administrator-only configurations by performing local operations
such as issuing the load override, load replace,
and load update commands. [PR/238991]
Help Page Information is not available for the Monitor->Alarms
Page. [PR/437377]
The message from jcs:syslog() is visible after the rest
of the system log. [PR/449778]
Jweb will not display the USB option under Maintain->Reboot->Reboot
from Media. [PR/464774]
VPNs
When you modify the frame-relay-tcc statement
at the [edit interfaces interface-name unit logical-unit-number] hierarchy level of a Layer 2
VPN, the connection for the second logical interface might not come
up. As a workaround, restart the chassis process (chassisd) or reboot
the router. [PR/32763]
Traffic might not flow when an ATM interface is used as
the access circuit on an M120 router. [PR/255160]
For a VRF instance configured for PIM, MVPN, and provider
tunnels (the pim and mvpn statements are included
at the [edit routing-instances vpn-name protocols] hierarchy level and the provider-tunnel statement is included
at the [edit routing-instances vpn-name] hierarchy level), when PIM is deactivated and reactivated, it fails
to install type-5 (source-active) routes in the instance-name.mvpn.0 routing table. This issue arises only when remote C-multicast
joins are configured on the ingress PE router (as displayed by the show mvpn c-multicast command). [PR/306983]
When you configure inter-AS VPLS with MAC processing at
the autonomous system (AS) boundary router along with multihoming,
and if a designated forwarding AS boundary router fails and then comes
back up again, traffic flowing to the local AS from the other AS’s
boundary router might be lost. The loss occurs in the time period
(tenths of a second) during which the old designated forwarding AS
boundary router is taking back the role of designated forwarder. [PR/312730]
Under certain circumstances, if BGP is configured as the
PE router to CE router protocol in a Layer 3 VPN routing instance,
renaming the routing instance can cause the PE router to CE router
session to stay down. [PR/399275]
Resolved Issues
Class of Service
In the cosd logs for JUNOS Release 9.4R1, "entries" is
misspelled as "enteries." [PR/439993]
When an intelligent queuing PIC is offlined and onlined,
the chassis scheduler map might change to [95,0,0,5]. As a workaround,
deactivate the chassis scheduler map before offlining PIC and then
activate the chassis scheduler map after PIC comes online. [PR/444543]
When a classifier is applied on a services PIC logical
interface, a commit warning is issued stating that the classifier
is not supported on this interface. [PR/448913]
Forwarding and Sampling
On M320 and T-series routing platforms, when you configure
interface output sampling, packets sometimes might travel through
the output firewall. As a workaround, configure a firewall filter
on the output interface with then sample and then next-term statements. The workaround provides the same functionality as the
other configuration, but avoids the problem behavior. [PR/70473]
On T-series routers, if there is an ingress firewall configured
to drop all incoming multicast packets the discarded multicast packes
are sent to the routing engine incorrectly. This causes a high utilization
of the CPU (50%) on the FPC. [PR/239268]
When configuring routing-instance in a firewall filter,
the router will give a warning message “Warning: statement ignored:
unsupported platform”. [PR/421765]
Upon changing policers on a Aggregated Ethernet interface,
the DPC might reboot. [PR/431635]
High Availability
When you issue the show chassis ethernet-switch statistics command on a routing platform with graceful Routing Engine (GRES)
switchover enabled, the two Routing Engines might be unable to exchange
information for about 2 seconds. [PR/233779]
Interfaces and Chassis
On the Channelized STM-1 with QPP PIC, error monitoring
for CRC and Frame Errors might not work as expected. [PR/39440]
When you configure ILMI on an ATM interface (include the ilmi statement at the [edit interfaces interface-name atm-options] hierarchy level) and a graceful Routing Engine
switchover (GRES) or unified in-service software upgrade (ISSU) event
occurs, the show ilmi command no longer returns any output.
[PR/282051]
On a router with Frame Relay multilink configured on a
MultiServices 400 PIC or on a channelized DS3 PIC, when the minimum
links value for the Frame Relay interface is set to 8 and a link is
deactivated from the configuration, the link remains up. [PR/285244]
The XML output is not correct when the VRRP track interface
is configured. [PR/414734]
Under some conditions, if an interface flaps for an interval
less than the hold down time value configured, an interface might
stop forwarding even though it shows as being UP. As a workaround,
enable traffic monitoring on the interface or enable and disable the
interface. [PR/423065]
Upon changing policers on a Aggregate Ethernet interface,
the DPC might reboot. [PR/431635]
For some interfaces, when configured with the WAN-PHY
framing mode, the monitor interface command might be missing
some counters.. [PR/435775]
Too many ATM2 error interrupts might cause the FPC to
panic. [PR/438073]
When you configure the payload port-data statement
at the [edit family mpls hash-key] hierarchy level on M120,
MX-series, or M320 platforms with E3 FPCs, the hashing algorithm might
not take the port-data values into account. [PR/442223]
On M-Series routers, BGP sessions flap when any configuration
(even irrelevant) change happens. As a workaround, make the difference
between the configured MRRU and MTU to be greater than eight. [PR/442688]
If VRRP tracks a cloned route then the cloned route will
always be treated as down. The reason is that the unicast cloned routes
do not get added to routing table. [PR/446408]
Layer 2 Ethernet Services
When you configure graceful Routing Engine switchover
(GRES) on MX-series routers, the Switch Interface Board (SIB) might
not initialize if you reboot both Routing Engines simultaneously or
reboot a router with only one Routing Engine installed. [PR/408359]
MPLS Applications
When you modify the primary path for an MPLS LSP by using
the delete protocols mpls label-switched-path lsp-path-name primary
path-namecommand in configuration mode, followed by the set
protocols mpls label-switched-path lsp-path-name primary path-name command, and then issue the commit command, the entire
LSP (both primary and secondary) is torn down and then rebuilt from
scratch. As a workaround, issue the delete protocols mpls label-switched-path
lsp-path-name primary path-name command in configuration mode
followed by the commit command. Then issue the set protocols
mpls label-switched-path lsp-path-name primary path-name command
followed by the commit command. [PR/62365]
When there are more than five link-protected or node-link-protected
LSPs to the same destination and per-packet load balancing is enabled,
some bypass next-hops might not be part of the active route. This
can occur after a primary link goes down and comes back up. [PR/259219]
The mplsResourceTunnelTable reports bandwidth
in bps instead of kbps. [PR/432716]
MPLS LSP auto-bandwidth adjustment may stop working while
RSVP signals for the path; either optimization is initiated or the
LSP goes down. [PR/438157]
Network Management
When the SNMP get response is larger than 9 KB, a "Message
too long" log is reported but no SNMP gets a response failure with
a code "tooBig" sent back to the source. [PR/389559]
tcpdump might report a max-response-time within IGMP in
seconds while it is presenting units of 1/10 of a second. [PR/424618]
Platform and Infrastructure
On T-series routing platforms, the commit operation succeeds
when you include the no-labels statement at the [edit
forwarding-options hash-key family mpls] hierarchy level, but
MPLS labels are still included in the hash key. [PR/80334]
After an ISSU software upgrade on the MX-series router,
you might see a kernel database replication error, ISSU prepare timeout,
and a core dump. These problems might be due to issues with allocated
schedulers after the ISSU. This issue is seen only with Gigabit Ethernet
Enhanced Queuing IP Services DPCs. [PR/427694]
Routing Protocols
If a BGP group is created but without any defined peers,
a warning message appears when the configuration is committed. [PR/63279]
Reverse OIF mappings are lost when you add or delete an
interface-set of multicast VLANs when subscriber VLANs were active.
[PR/423376]
When reverse OIF mapping enabled is configured on multicast
VLAN interfaces, reverse OIF mappings to DHCP subscriber interfaces
are lost if the routing protocol process gracefully restarts. [PR/438930]
When the l3vpn-composite-nexthop statement and
the multipath vpn-unequal-cost statement at the [edit
routing-options] hierarchy are configured together, the routing
process may crash during the multipath calculation for destinations
that contain both composite and non-composite eligible paths. [PR/448745]
Services Applications
The output of the show services nat pool command
displays duplicate entries for a single Network Address Translation
(NAT) pool. [PR/34678]
Subscriber Access Management
Incorrect reverse OIF mappings can be created when a multicast
VLAN interface with reverse-OIF mapping enabled receives a join request from a DHCP subscriber and both of the following are true:
A valid route to the subscriber is not present and another route's
subnet mask overlaps the address of the subscriber interface. [PR/416774]
On MX routers, Wimax testing with SBR must be done with
Non-Transposable IP for high availability (HA). Otherwise FA-HA authentication
will fail with return code 132. [PR/431969]
VPNs
On a BGP Layer 3 VPN provider edge router with a combination
of (1) label per next hop in the VRFs, (2) configuration of the same
IP addresses in different VRFs, and (3) a need for an indirect next-hops
within the VRFs, then label routes– with an indirect next hop,
may be created incorrectly in the master instance table "mpls.0."
[PR/436404]
After the ingress PE router for an NG MVPN instance performs
a GRES event, the egress PE routers could fail to install a new forwarding
state for the multicast traffic. Clearing the BGP session on the ingress
router can restore traffic to all egress routers. [PR/441392]
The VPLS instance on the MX960 does not learn the remote
CE MAC address after issuing the clear vpls mac-address command.
[PR/476020]
Resolved Issues
Previous Release
Resolved Issues
9.5R2
Class of Service
In JUNOS Release 8.4 and later, the commit or commit check operation fails if a rewrite rule is defined both
at the [edit class-of-service interfaces interface-name unit logical-unit-number rewrite-rules] hierarchy level and in a configuration group (defined at the [edit groups] hierarchy level) that is applied to that interface.
The correct behavior is for the directly applied rule to override
the rule inherited from the configuration group. [PR/261229: This
issue has been resolved.]
When you set the port speed of a multirate SONET Type
2 PIC to OC3, it does not correctly change the CoS speed value within
the Packet Forwarding Engine. The speed value remains OC12, which
results in unexpected CoS behavior. There is no workaround. [PR/279617:
This issue has been resolved.]
When a CoS classifier is applied to a logical unit with
a wildcard (*), the default classifier is removed after the Routing
Engine reboots. [PR/427848: This issue has been resolved.]
A packet drop is seen when a logical unit is configured
with the per-unit-scheduler. [PR/429961: This issue has been resolved.]
On M320 routers, when the Tunnel PIC is on a standard
FPC, multicast traffic conforming to Internet draft-rosen-vpn-mcast-08.txt
might be subject to incorrect CoS queuing and rewrite. [PR/433142:
This issue has been resolved.]
The CoS DSCP classifier might not work properly on a redundant
LSQ interface. [PR/435701: This issue has been resolved.]
After the aggregate chassis configuration is deactivated
then activated, the classifier might not be properly applied on aggregate
interfaces. [PR/442240: This issue has been resolved.]
The OC-3/12 Multi-Rate PIC may not be able to transmit
any packet. [PR/444077: This issue has been resolved.]
When an intelligent queuing PIC is taken offline and brought
back online, the chassis scheduler map configured may be changed to
[95,0,0,5]. The workaround is to deactivate the chassis scheduler
map before offlining the PIC and activate the configuration after
the PIC becomes online. [PR/444543: This issue has been resolved.]
Forwarding and Sampling
When a filter term has "next term" as the action, the
action may be shown in the firewall log as "unknown" for the matched
outgoing packets. [PR/421810: This issue has been resolved.]
If (1) an input-list or output-list is configured on an
interface in a logical system, (2) the filters in the list are defined
under the firewall hierarchy of the main router, and (3) a prefix
list defined under the policy-options of the main router is referenced
by one of the filter in the list, the commit will fail with the error
message "Referenced prefix-list xxx is not defined." [PR/427253: This
issue has been resolved.]
General Routing
When attempting to use a framed route from a RADIUS client,
rpd may core if there is no static route table. [PR/432447: This issue
has been resolved.]
Interfaces and Chassis
In a TX Matrix router, the show chassis fpc fpc-number command returns an error instead of showing
FPC information when the FPC number is greater than 8. [PR/387956:
This issue has been resolved.]
When you reboot an FPC while it is coming on line and
if the FPC adding process is interrupted before it is successfully
completed, the chassis process does not operate properly. [PR/400676:
This issue has been resolved.]
When traffic is passed at near maximum throughput to any
queuing IQ2 or IQ2E PICs or DPCs, the show interfaces xe-fpc-pic-port extensive command output
for queue counters might be incorrect. [PR/401431: This issue has
been resolved.]
Incorporating any changes in the interfaces configuration
results in a small leak in the dcd process. The leak is at the rate
of 16 bytes per interface configured per commit. [PR/411596: This
issue has been resolved.]
When you configure LACP on an aggregated Ethernet interface,
the counters displayed by the show interface extensive command
might show unexpected values. This problem occurs for logical interfaces
that have an incoming interface index value that matches the default
index of the data stream. [PR/418054: This issue has been resolved.]
On the M320 router, clearing statistics with the clear
interfaces statistics command might take up to 10 seconds. [PR/421520]
The PPP MTU value of an interface protocol on a peer might
change as a result of an irrelevant configuration change and cause
the PPP MTU negotiation to fail. [PR/421706: This issue has been
resolved.]
Using disable under an aggregate member can lead the interface
to be flagged in the “HARDDOWN” state despite being physically
up. Deactivate/Activate the interface to fix the problem. [PR/422933:
This issue has been resolved.]
During the Switching and Forwarding Module (SFM) switchover
process, the algorithm to switch over the SFM and take the FPC off
line does not clear the hard and soft errors on each FPC. [PR/433616:
This issue has been resolved.]
In the output of the show chassis pic fpc-pic-slot command, the 40-Port
Gigabit Ethernet DPC with SFP might be shown erroneously as 1000LH
instead of 1000EX. [PR/438753: This issue has been resolved.]
When the same logical interface is deleted from the default
system and added into logical system, the Routing Engine might fail.
[PR/441284: This issue has been resolved.]
When the sum of the shaping rate for the logical interfaces
for a physical interface is greater than the physical interface's
bandwidth and a rate limit is applied to one of the logical interface
queues, the bandwidth limit for the queue will be based on a scaled
down logical interface shaping rate value rather than the configured
logical interface shaping rate. [PR/441413: This issue has been resolved.]
When the ingress router re-signals an RSVP session, traffic
could egress a disabled SONET interface that is part of an APS group
using container interfaces. Switching the APS interfaces resolves
the problem. [PR/443295: This issue has been resolved.]
Layer 2 Ethernet Services
Upon issuing the clear dhcp relay bindings all command, not all access-internal routes are deleted from the route
table for DHCP subscribers being terminated on dynamic demux interfaces.
The routes point to demux interfaces that are not present anymore.
Associated ARP entries and DHCP bindings appear to be properly cleared.
[PR/425279: This issue has been resolved.]
The relay-option-60 configuration stops working
under a configured group if something else is changed under that group.
[PR/434373: This issue has been resolved.]
After the MX-series router reboots, no DHCP packets reach
the JDHCPD log. [PR/438269: This issue has been resolved.]
MPLS Applications
On an M-series or T-series router, when an MPLS label-switched-path
(LSP) re-optimizes or changes path and there is a signaling failure
along that path, then the path change will not happen until the next
LSP re-optimization event. [PR/401343: This issue has been resolved.]
The load-balancing spread is affected when both the primary
and the first secondary LSP are out of commission. [PR/422596: This
issue has been resolved.]
For JUNOS Release 9.5 and later, when the show mpls
lsp p2mp statistics egress command is entered, the Packets and
Bytes fields should display as "NA" for egress LSP sessions. The statistics
should display meaningful numbers only for ingress and transit LSP
sessions. Instead, the fields display as 0 with the show mpls
lsp p2mp statistics egress command. This is changed to NA after
including the no-tunnel-services statement at the [edit
routing-instances vpls1 protocols vpls] hierarchy level. [PR/429001:
This issue has been resolved.]
If you have disabled the trap statement at the
[edit protocols ldp log-updown] hierarchy level, upgrading
to JUNOS Release 9.2 and later from a release previous to 9.2 will
fail. [PR/432003: This issue has been resolved.]
Network Management
When subagents are slow in responding to SNMP queries,
the SNMP process continues to buffer the incoming SNMP requests.
SNMP memory becomes exhausted after the buffer increases to a bigger
value, which causes the SNMP process to dump core. [PR/430106: This
issue has been resolved.]
When Routing Engine 1 (RE1) is reloaded, the Management
Information Base II (MIB II) process (mib2d) dumps core. [PR/436218:
This issue has been resolved.]
When the master SNMP process (snmpd) restarts on a TX
Matrix platform, the SNMP subagent running on the line-card chassis
(LCC) chassis process (chassisd) tries to register MIB objects with
the master snmpd. If the registration progress enters in infinite
loop, it causes the master snmpd to consume high CPU utilization.
[PR/438085: This issue has been resolved.]
Platform and Infrastructure
On M320 and T-series routing platforms, when you configure
the local gateway of an IPSec tunnel in a routing instance, IPSec
might not function properly over a generic routing encapsulation (GRE)
tunnel. [PR/73864: This issue has been resolved.]
On MX-series platforms using Routing Engine-based sampling,
when samples are sent from the Packet Forwarding Engine to the Routing
Engine over certain interfaces, the interface Input/Output index and
next-hop address are set to 0. The following interfaces are affected:
ge-x/0/y, ge-x/1/y, xe-x/2/0, and xe-x/3/0. It is not possible in
this case to match on the interface index to retrieve data from the
flow collector. [PR/286089: This issue has been resolved.]
If a duplicate address is detected for IPv6 family on
an Ethernet interface, the DAD does not get restarted even after the
interface goes down and comes up. [PR/421241: This issue has been
resolved.]
On the M320 router, clearing statistics with the clear
interfaces statistics command might take up to 10 seconds. [PR/421520:
This issue has been resolved.]
On M10i routers with I-chip based E-CFEBs, IQ2 PIC ISSU
is not supported. Take the IQ2 pic offline before initiating ISSU
on M10i routers. [PR/421988: This issue has been resolved.]
When you configure an Aggregate Ethernet interface as
unnumbered, the router might fail. As a workaround, do not configure
Aggregate Ethernet interfaces with unnumbered addresses. [PR/428345:
This issue has been resolved.]
On MX-series Ethernet Services routers, the FPC might
reboot without a core dump when the DWDM is incorrectly configured,
and that incorrect configuration causes many link flaps. As a workaround,
either disconnect the offending link or include the disable statement at the [edit interfaces] hierarchy level to stop
the FPC reboots. [PR/430703: This issue has been resolved.]
When configuring proxy-arp on unnumbered interfaces, the
router can incorrectly answer address-collision-detection ARP requests,
causing DHCP clients to decline the offered address. [PR/431192: This
issue has been resolved.]
When you configure flow monitoring on a T1600 router with
a T640 or T1600 Enhanced Scaled FPC4, if both input and output traffic
are located on the same bottom Packet Forwarding Engine, the next
hop address and output interface are set to 0. [PR/431567: This
issue has been resolved.]
On MX-series and M120 routers, and M320 routers with an
Enhanced III FPC, if the VRF configuration includes the vrf-table-label statement, a DPC or FPC might dump the core when an MPLS packet
with time-to-live (TTL) equal to 0 (zero) or 1 (one) is processed
at the egress provider edge (PE) router. [PR/436017: This issue has
been resolved.]
The Address Resolution Protocol (ARP) retry count might
be incorrect: instead of sending out the first five retries every
second, the third and consequent retries might be sent out every 15
seconds. [PR/436580: This issue has been resolved.]
On an MX-series platform with a Combo DPC (20-port 1-Gigabit
Ethernet 2-port 10-Gigabit Ethernet), if the family mpls statement
is included at the [edit interfaces interface-name unit logical-unit-number] hierarchy level
for the 1-Gigabit Ethernet port of a DPC slot, the show interfaces
statistics command reports zero values for input traffic at all
ports. This issue does not affect the input traffic statistics for
the 10-Gigabit Ethernet ports. This is a cosmetic issue and does
not affect functionality. [PR/436653: This issue has been resolved.]
SCU configuration causes the PFE to drop some host-bound
packets on M320 and T-series routers. [PR/438261] [PR/438261: This
issue has been resolved.]
Under certain circumstances intelligent queuing PICs might
not be able to boot properly on E3-FPCs. [PR/438678: This issue has
been resolved.]
When certain FPCs (T1600-FPC4-ES, T640-FPC4-1P-ES, T640-FPC1-ES,
T640-FPC2-ES, and T640-FPC3-ES) receive corrupted cells via high-speed
links, they might unnecessarily reboot and report the following system
log error message: “Unrecoverable Error: Flist gtop bit toggled
!”. No reset is needed to recover from this condition. [PR/441844:
This issue has been resolved.]
On T1600, TX Matrix or T640 routers installed in JUNOS Release
9.3 or higher with one of the following Flexible PIC Concentrators
(FPCs):
T1600-FPC4-ES
T640-FPC4-1P-ES
T640-FPC4-ES
T640-FPC1-ES
T640-FPC2-ES
T640-FPC3-ES
jtree memory might get corrupted once routes are deleted while
traffic is send to those prefixes. This can result in permanent or
transient packet drops.
One or more of following messages might get logged in the system
log:
SRCHIP(1): 131072 Discards - stack underflow
SRCHIP(1): 129735 Discards - truncated key - next hop
SRCHIP(1): SOF (58) >= DMA length (46) (Read Channel
SRCHIP(1): RKME int_status 0x300
SRCHIP(1): 4670347 Multicast list discard route entries
SRCHIP(1): 14486 Discards - illegal BTT
SLCHIP(1): 1617082 new errors (illegal link) in DESRD
last stream 0 last lout_key 0xabd0e
o SLCHIP(1): 1622998 new errors (packet error) in HDRF,
lout_hdrf_poll_stats
There is no workaround and an FPC reboot might be needed to
recover. [PR/443171: This issue has been resolved.]
Routing Protocols
Deactivation of routing instances might cause the routing
protocol process (rpd) to create a soft assertion core dump. [PR/396122:
This issue has been resolved.]
If a multi access interface is disabled, after a Routing
Engine switchover this disabled link is advertised in the router link-state
advertisement (LSA). [PR/418559: This issue has been resolved.]
If OSPF is in overload mode on the standby Routing Engine
but not in overload mode on the primary Routing Engine, it may take
a long time to install OSPF routes on the standby Routing Engine.
[PR/421636: This issue has been resolved.]
Community types are allocated at random to the members
in the community list; as a result, sometimes extended communities
are treated as simple and vice versa, which causes problems with the
VRF import code. [PR/430728: This issue has been resolved.]
If static route pointing to discard is configured, a core
may happen when the router tries to collect the multicast statistic
data. [PR/434298: This issue has been resolved.]
BGP in L3VPN will show “local-id 0.0.0.0”
in output from the show bgp neighbor command when NSR is
enabled [PR/434321: This issue has been resolved.]
When you configure support for alternate loop-free routes
through the link-protection statement and you configure
PIM join-load-balance, the backup paths will be used in load-balancing
PIM joins along with the active path. [PR/434996: This issue has been
resolved.]
With BGP multipath configured, BGP traceoption flags may
not be refreshed after a change in the traceoption flag configuration.
[PR/436440: This issue has been resolved.]
Embedded RP is not created upon receiving a trigger from
multicast traffic. Deactivating and activating the configuration solves
the issue. [PR/437893: This issue has been resolved.]
If PIM is disabled, embedded rendezvous point (RP) configurations
might cause continuous routing protocol process (rpd) cores. [PR/438159:
This issue has been resolved.]
When you configure auto-rp, if the rendezvous point (RP)
configuration is deactivated and then reactivated on the provider
edge router, the router fails to rediscover the RP announced by the
customer edge router. [PR/438356: This issue has been resolved.]
If a rib is referenced within the from clause of a policy
statement the statement, might be changed on every commit. This can
lead to route flaps on every commit if the statement is used as the
import policy for a rib group which in turn is referenced in OSPF.
[PR/441557: This issue has been resolved.]
RPD may crash if a VRF routing instance is reconfigured
in a single commit from Draft-Rosen MVPN to Next-Gen MVPN with RSVP-TE
inclusive provider-tunnels. [PR/442391: This issue has been resolved.]
When you configure the path-selection always-compare-med statement at the [edit protocols bgp] hierarchy level,
BGP multipath might not find all the eligible paths. [PR/444629: This
issue has been resolved.]
TTL for BGP listen socket changed from 64 to 255 to give
support for GTSM. [PR/449160: This issue has been resolved.]
Services Applications
When using L2TP services on M-series routers, every session
or tunnel connection and disconnection will leak memory. [PR/312961:
This issue has been resolved.]
When the IDP config, service-sets and interfaces are committed
separately, the IDP policy push will fail. [PR/434624: This issue
has been resolved.]
User Interface and Configuration
When you set the time-zone statement at the [edit system] hierarchy level, it might cause the backup Routing
Engine to lock the configuration. As a result, you would no longer
be able to reboot the Routing Engine or perform any commits. To clear
the issue, you must log on to the backup Routing Engine and issue
the clear system commit command. [PR/309100: This issue has
been resolved.]
In JUNOS Release 9.5, the time it takes to commit a configuration
is significantly improved when the configuration is very big (for
example, for 250K firewall filters or 64K IFLs). With small or medium
configurations; however, the improvement in commit time is not as
noticeable or might even seem slower because of features added in
JUNOS Release 9.5. [PR/417957] [PR/417957: This issue has been resolved.]
The dynamic-db policies feature works under logical systems
but the user needs to restart the logical router after any changes
or commits to the dynamic policy configuration under the [edit
logical-systems] hierarchy level in the dynamic database. [PR/418969:
This issue has been resolved.]
When you issue the commit confirmed command on
a TX Matrix platform, it might not roll back to the original configuration
as expected when the commit is not confirmed. [PR/425642: This issue
has been resolved.]
Trying to use the system-generated certificate which is
displayed in JWEB, it will commit errors. [PR/432208: This issue
has been resolved.]
When you configure trace options at the [edit system
scripts] hierarchy level, the router sometimes produces commit
errors. [PR/438289: This issue has been resolved.]
VPNs
Applying configuration changes that remove a static point-to-multipoint
LSP and at the same time a static MVPN provider tunnel group configuration
can cause the routing protocol process (rpd) to reset unexpectedly.
To avoid this problem, first delete the provider-tunnel configuration
and then the LSP configuration. [PR/288456: This issue has been resolved.]
When you delete a Layer 2 VPN routing instance and add
a new VPLS routing instance using the same interface within the same
commit, the routing protocol process (rpd) might dump core. [PR/291407:
This issue has been resolved.]
9.5 R1
This section lists issues that were fixed in JUNOS Release 9.5R1.
The identifier following the description is the tracking number in
our bug database.
Software Installation and Upgrade
The ARP aging time configuration in the system configuration
stanza in JUNOS Release 9.4R1 is incompatible with the ARP aging
configuration in JUNOS Release 9.3R1 or earlier and JUNOS Release
9.4R2 or later. If you have configured system arp aging-timer aging-time on an M-series, MX-series, or T-series
routing platform running JUNOS Release 9.4R1 and upgrade to JUNOS
Release 9.4R2 or downgrade to JUNOS Release 9.3R1, the router will
display configuration errors on booting up after the upgrade or downgrade.
As a workaround, delete the arp aging-timer aging-time configuration in the system configuration stanza
before you upgrade or downgrade from JUNOS Release 9.4R1, and reapply
the configuration after you complete the upgrade or downgrade. [PR/
425221: This issue has been resolved.]
Platform and Infrastructure
You might encounter output drops with the 10-Gigabit Ethernet
PICs. The output drops occur because the software incorrectly calculates
the number of queues for polling statistics in a 10-Gigabit Ethernet
PIC, even though it is different from other PICs. [PR/277693: This
issue has been resolved.]
The MX Tri-rate DPC does not support MAC accounting and
returns the following message: "error: MAC accounting and policing
not supported." [PR/387919: This issue has been resolved.]
When you have configured the vrf-table-label statement
at the [edit routing-instances routing-instance-name] hierarchy level for a VRF routing instance, IPv4 and IPv6
MTU error notification is not handled properly. On M320 routers with
an incoming FPC as SFPC and an outgoing FPC as FFPC, large IPv6 packets
are not being detected and discarded properly. [PR/397334: This issue
has been resolved.]
When the Routing Engine requests numerous statistics that
surpass a set boundary, "PFEMAN: Couldn't write..." messages might
be logged and DPC core dumps might occur. [PR/398233: This issue has
been resolved.]
When you configure per-packet load balancing, outgoing
traffic is dropped on T640 routers. The problem is exacerbated if
you have configured two PFE instances. [PR/402031: This issue has
been resolved.]
Aggregate bundle child interface statistics do not account
for the packets sent to a demux interface using an AE bundle as the
underlying interface. [PR/403570: This issue has been resolved.]
When ifd channel mode is of type HYBRID, LSI statistics
are counted every time ifl_stats are collected for each logical interface.
This causes the LSI input counters to be incremented by a multiple
of the logical interfaces. [PR/404857: This issue has been resolved.]
With the E-CFEB on the M10i router, the backup Routing
Engine will go to the database prompt when GRES and NSR are enabled
with a Layer 2 circuit configuration. [PR/409075]
The show pfe statistics command is not displaying
the I-CHIP Ipktwr packet drop counts. [PR/416477: This issue has been
resolved.]
Under rare circumstances, it is possible for the kernel
to panic on the TX Matrix LCC or on the SRX platform following a Routing
Engine switchover or RDP connection timeout between the LCC and SCC.
[PR/416973: This issue has been resolved.]
For multicast traffic, if the OIF is on an aggregated
interface and its member link is on a different PFE (for example,
7/1/0 and 6/1/0), multicast traffic might be lost after the FPC, which
has IIF for the multicast, is rebooted. [PR/418583: This issue has
been resolved.]
Initial ARP packets are discarded by the default ARP policer
because when a T1600’s FPC restarts, the current credit is initialized
to JT_POL_SR_CURRENT_CREDIT_MAX, which is 0xFFFFF. This has a high
negative value in SR, so packets are dropped until it goes down. As
a workaround, you can initialize the current credit to max_credit_limit
(which is equal to (credit_limit / Rate) * time_credit), approximately
equal to TC. [PR/419909: This issue has been resolved.]
The SNMP remote operations process (rmopd) might fail
after configuring a BGP neighbor with a local address. [PR/420504:
This issue has been resolved.]
In JUNOS Release 9.3R1 or higher, on Juniper Networks
routers with Type 4 FPCs or T1600 routers, multicast traffic is not
counted within the interface statistics counters once class-of-service
rewrite rules have been applied to the interface. [PR/420681: This
issue has been resolved.]
On the MX-series router, when you configure MPLS and a
tunnel configuration on the same GE DPC, the tunnel interface shows
traffic as the sum of the traffic of the other GE interfaces on the
DPC. This is a cosmetic issue and does not affect functionality. [PR/422274:
This issue has been resolved.]
Interfaces and Chassis
In OC768-over-OC192 mode on the 4-port OC192c PIC, when
you change the clocking internal statement to clocking
external at the [edit interfaces interface-name] hierarch level, the clock may not come up. [PR/395847: This
issue has been resolved.]
The AE bundle statistics (issue the monitor interface
traffic command) on T640 routers display a high value when the
FPC is taken offline. There is no issue with the TX Matrix. [PR/399451:
This issue has been resolved.]
Aggregate bundle child interface statistics do not account
for the packets sent to a demux interface using an AE bundle as the
underlying interface. [PR/403570: This issue has been resolved.]
With the E-CFEB on M7i and M10i routers, total traffic
loss might occur after a CFEB switchover. [PR/407608: This issue has
been resolved.]
With the IQ2 interface, the queue scheduler will not work
as expected for shaped L2TP sessions. Only the rate limit will work
on a per queue basis. This problem is not present for Enhanced IQ2
interfaces. [PR/409590:This issue has been resolved.]
When a 10-Gigabit Ethernet interface of a DPC is connected
to a faulty optical card which is causing the link state to change
at a very high rate, the DPC might fail. [PR/411072: This issue has
been resolved.]
The valid range for timeslot under e1-options in channelized E1 (CE1) interfaces of Enhanced Intelligent Queuing
(IQE) PICs is 2 through 32. This option is used to create fractional
E1 interfaces. [PR/416800: This issue has been resolved.]
When a Layer 2 policer is applied to the egress interface
of a router, the dropped frame statistics might show incorrect information.
[PR/419181: This issue has been resolved.]
On an IQ2 PIC, the slow aging interval might be overwritten
with a value of 202 seconds. This causes the MAC entry to be removed
between 6 and 7 minutes. [PR/419510: This issue has been resolved.]
Services Applications
With the E-CFEB on M7i and M10i routers, If you configure
a firewall filter with an action of sampling and then apply the filter
to the interface, all the packets received on the PIC are corrupt
and consequently dropped. [PR/408802: This issue has been resolved.]
On an M7i or M10i with the enhanced CFEB, if you issue
the deactivate forwarding-options sampling command, sampling
stops for both IPv4 and IPv6 traffic. If you then issue the activate
forwarding-options sampling command, sampling resumes for only
IPv4 traffic. [PR/415140: This issue has been resolved.]
If you are setting the option refresh rate using the flow
monitoring feature supported in version 9 and you set the lowest rate
to IPv6 and the highest rate to IPv4, the device will treat IPv6 as
having the lowest rate. [PR/416788: This issue has been resolved.],
Layer 2 Ethernet Services
When you configure GRES on the MX-series router, the SIB
might not initialize if you reboot both Routing Engines simultaneously,
or reboot the router with only one Routing Engine installed. [PR/408359:
This issue has been resolved.]
Integrated routing and bridging (IRB) configured over
VPLS or multicast might not be reachable. As a workaround, clear the
ARP table with the clear arp command. [PR/418438: This issue
has been resolved.]
Subscriber Access Management
When a RADIUS initiated disconnect is attempted on a client
session which does not have time-based accounting enabled, the generic
authentication service process (authd) currently logs out the session
and cleans up, but does not send an Ack message back to the requesting
server. This may lead the RID server to retry even though the subscriber
has already been successfully logged out. This problem occurs when
volume-based accounting is configured or when no accounting is configured
for the subscriber. It does not occur when time-based accounting
is configured for that subscriber. [PR/417765: This issue has been
resolved.]
General Routing
On a TX Matrix with JUNOS Release 9.1 and above, configuring
the generate statement at the [edit routing-options] hierarchy level with a reference to a policy results in the commit
not completing successfully. [PR/416380: This issue has been resolved.]
Routing Protocols
On a router with dual Routing Engines and NSR configured,
the backup RPD may go down in rare instances while processing an indirect
next-hop delete. [PR/302731: This issue has been resolved.]
When you transition an MVPN configuration from sparse
mode to dense mode, you might need to restart routing to ensure that
dense mode (DM) is flooding properly over the core router's default
multicast distribution tree (MDT). [PR/398110: This issue has been
resolved.]
If GRES is not enabled, on a Routing Engine switchover
the routing protocol process (rpd) on the new backup Routing Engine
quits before cleaning up the forwarding table. [PR/402372: This issue
has been resolved.]
With JUNOS Release (9.3R1) or higher with a Type 4 FPC
or T1600, multicast traffic is not counted in the interface statistics
after the class-of-service (CoS) rewrite rules have been applied to
the interface. [PR/420681: This issue has been resolved.]
VPNs
If MAC addresses are learned within a VPLS instance, CE
devices will communicate directly even though the no-local-switching statement is configured. [PR/419976: This issue has been resolved.]
Multicast group addresses ending with .232 are classified
as SSM groups when using multicast VPNs. These routes will not be
installed in the multicast VPN routing table and all traffic destined
to these destinations will be dropped. As a workaround, include the asm-override-ssm statement at the [edit routing-instances
routing-options multicast] hierarchy level. [PR/426811: This
issue has been resolved.]
Forwarding and Sampling
The policer value does not change dynamically on changing
the shaping rate. The policer keeps the initial value. As a workaround,
deactivate and activate the filter. [PR/286663: This issue has been
resolved.]
